Referenced in our Newsletter Volume 3, Issue 4 - April 2004
Employee Master File Analysis
This month's review is focused on exposing different types of situations that potentially indicate fraud. Corporations of all sizes have issues covering all aspects of their operations including personnel, goods/services, and finance/accounting. The following examples show the types of patterns and analyses that are being performed to better understand vulnerabilities and financial exposure within a mid-sized company.
One of the datasets used in this example is based on the Employee Master File, which contains general information for all employees including their name, address, telephone number, and employment status. In the following diagram, the data was clustered within VisuaLinks based on the employment status field to show a total of 4 active groups.
The majority of the values were either "T" for terminated or "A" for active (icons in the chart were defined according to these values).
It was also noted there are 6 people with both "T" and "A" as their employment status - clearly, this is an anomaly and represents a control problem within the HR system. The single employee with a value of "L" is on leave from the company.
Using this information, the networks were expanded to bring in the addresses contained in the Employee Master File. The next diagram shows a high-level chart depicting this data with 291 employees and 281 addresses. In the upper-left part of this chart, it can be seen there are several employees sharing the same addresses.
Upon closer examination of the data, there are some relationships that raise concern with respect to active and terminated employees residing at the same address. The names and addresses in this next diagram are hidden with box-overlays to protect their privacy.
|
 |
The upper-left network shows an address with 3 employees (2 active, 1 terminated) where the
last names are different; this represents a roommate situation and the company should be somewhat
concerned about retention matters.
|
| |
The next network (second from left in top row) depicts 3 employees (1 active, 2 terminated) where
all the last names are the same; the company should be very concerned with this situation regarding
retention, moral, or possible theft.
|
| |
The lower-right network shows an active and terminated employee living at the same apartment complex;
most likely there is no direct relationship between the employees and the company should not be concerned here.
|
|
Other diagrams using the phone numbers listed (e.g., home phone, emergency phone, etc) could also be used to expose commonality among the employees.
Additional analyses can also show employee-as-vendor patterns based on shared characteristics such as addresses, phone, and fax numbers. When these
types of situations are encountered and are not previously known, the company must review its internal controls for contract award, bid requirements,
and vendor payment history to determine if fraud has been committed.
|
If you found this link chart helpful you can subscribe to our newsletter to receive a new link chart each month in your email.
|
|
